for: consumer complaints (83%), fair
lending (82%), privacy (79%), CRA
(78%), BSA/AML (70%), OFAC (68%)
and HMDA (68%). Additionally, 32% of
respondents are responsible for vendor
management, 28% manage compliance
with the Americans with Disabilities
Act, and 26% manage bank security.
Exhibit 2 above reflects the various
compliance functions some chief compliance officers hold.
In comparing the number of full-time
equivalent employees (FTE) in the compliance department in 2017 versus 2015,
32% of respondents indicated their staff
levels had increased versus only 5% reflecting smaller staff levels. Over the past
four ABA surveys, staff level increases
have been moving upward from a low
in 2011 of 23 percent, while institutions
reflecting reduced staff levels have remained around 5%.
The larger the institution, the more
likely their compliance department has
a separate budget; 70% do not have a
separate compliance department budget.
Fifty-four percent of institutions with a
separate compliance budget indicated
their budget had increased since 2015.
Institutions with increases of more than
10% over 2015 most often cited increased
staff levels and regulatory burden as the
factors contributing to the increase.
Eighty-two percent of institutions
house consumer compliant management
within the compliance department.
Functions performed generally include:
■ ■ ■ Overseeing complaint processing and
responding to the consumer;
■ ■ ■ Handling complaints received by
■ ■ ■ Tracking complaints not part of the
formal complaint process;
■ ■ ■ Reviewing complaints against regulatory requirements and bank policies
and procedures; and
■ ■ ■ Escalation of complaint issues.
Compliance Products and Services
A little more than 50% of respondent
institutions have outsourced one or
more compliance obligations. Functions
outsourced include compliance audits
(70%), fair lending reviews (48%), specific regulation audits (47%), BSA/AML/
OFAC activities (23%), UDAP/UDAAP
reviews (22%), and compliance monitoring (21%). For those institutions that
purchase compliance software or system
solutions, these primarily involve OFAC,
BSA/AML, HMDA, CRA, and Truth in
Lending Act requirements and activities.
Compliance function risk assessment
processes have become important tools
in helping financial institutions man-
age compliance risks. Almost 80% of
responding institutions perform an en-
terprise-wide risk assessment. The per-
centage of institutions performing these
risk assessments increase with asset size;
notably, 76% of institutions under $100
million in assets perform an enterprise-
wide risk assessment. These assessments
overwhelmingly are performed annually
and are either performed as a standalone
effort or integrated with other processes
like operational risk assessments, or
product, service or activity assessments.
Three quarters of responding com-
pliance officers said they play a part in
the planning process for launching new
products and services. As a result, a ma-
jority of compliance officers (52%) said
that their institutions have gone forward
with new products or services after com-
pliance department staff made positive
suggestions for reducing regulatory risk.
In fact, almost one third can identify
specific situations where compliance
department staff helped the institution
avoid potential reputation risk. Most of
the issues identified involved potential
UDAP/UDAAP risk (60%).
Compliance officers indicate over the
past two years they have had to update
or revise their compliance systems,
policies, or practices. The changes were
prompted by: changes to regulations,
regulatory guidance or interpretation
(77%); regulatory examination findings
(57%); compliance staff recommenda-
tions (55%), audit findings (47%), or
(33%). Obviously a sound compliance
management system, which includes ap-
propriate risk analyses, helps compliance
officers stay abreast of all the changes
that have been taking place over the past
few years and enables them to stay ready
as future regulatory changes will no
doubt continue to occur.
Survey results also show that the
compliance department is involved in
a number of bank business decisions
What other compliance function titles do you hold? (Check all that apply)
How many FTEs in your institution spend the majority
of their time on compliance-related management function tasks?
< $100 mil $100 mil < $500 mil $500 mil < $1 bil
$1 bil < $10 bil $10 bil or more